TY - GEN
T1 - HeapTherapy
T2 - 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
AU - Zeng, Qiang
AU - Zhao, Mingyi
AU - Liu, Peng
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/9/14
Y1 - 2015/9/14
N2 - For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, most introduce a very high overhead, while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is itself very slow and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and remains effective under polymorphic exploits, as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006); it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).
AB - For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, most introduce a very high overhead, while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is itself very slow and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and remains effective under polymorphic exploits, as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006); it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).
UR - http://www.scopus.com/inward/record.url?scp=84950138681&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84950138681&partnerID=8YFLogxK
U2 - 10.1109/DSN.2015.54
DO - 10.1109/DSN.2015.54
M3 - Conference contribution
AN - SCOPUS:84950138681
T3 - Proceedings of the International Conference on Dependable Systems and Networks
SP - 485
EP - 496
BT - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
PB - IEEE Computer Society
Y2 - 22 June 2015 through 25 June 2015
ER -